package com.ld.controller;

import com.ld.pojo.Users;
import com.ld.service.UsersService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.util.ArrayList;
import java.util.List;

@Controller
@RequestMapping
public class UserController {

	@Autowired
	private UsersService usersService;
	@RequestMapping("/user/welcome")
	public String welcome(){
		return "welcome";
	}

	@RequestMapping("/login")
	public String login(){
		return "login";
	}

	@GetMapping("/user/findAll")
	@ResponseBody
	//@Secured({"ROLE_user"})             // 代表当前有user角色就可访问方法
	//@PreAuthorize("hasAuthority('user')") //[方法执行前] 代表判断是否有指定权限，如果有就可以访问
	//@PreAuthorize("hasAnyAuthority('user','select')") //[方法执行前] 代表判断是否有指定权限列表中的一个或多个，如果有就可以访问
	//@PostAuthorize("hasAuthority('user')") //[方法执行后] 判断是否有指定权限
	//@PostFilter("filterObject.username == 'bbb'") // 过滤方法返回结果中的数据，其中filterObject代表返回的集合中的某一项
	public List<Users> findAll(){
		System.out.println("postAuthorize...");
		List<Users> users = new ArrayList<>();
		users.add(new Users(1,"aaa","test1111"));
		users.add(new Users(2,"bbb","test222"));
		return users;
		// return usersService.findAll();
	}

	@GetMapping("/user/findAll2")
	@ResponseBody
	@PreFilter(value = "filterObject.id % 2 == 0")
	public List<Users> findAll2(@RequestBody List<Users> users){
		System.out.println("ids = " + users);
		return users;
	}


}
